Fake Trezor App in Google Play Scams Users

Malicious actors have been using a new set of fake cryptocurrency apps on Google Play that are reportedly able to phish and scam users out of cryptocurrency, according to ESET researchers.

Researchers observed one app impersonating Trezor, a hardware cryptocurrency wallet. The app, called Coin Wallet – Bitcoin, Ripple, Ethereum, Tether, actually connects to a fake wallet, reportedly created on May 1, that scams unsuspecting users out of money. It appears as the second-most popular search on Google Play, according to researchers.

Bitcoin has seen growth this month, with prices inching back up to the $8,000 range. Cyber-criminals were quick to exploit this price boost and got to work targeting users with scams and malicious apps.

“We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app. After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency,” explained ESET researcher Lukáš Štefanko in a press release.

After analyzing the fake app, researchers noted that the fake Trezor app can’t cause harm to Trezor users because of Trezor’s multiple security layers; however, “it is connected to a fake cryptocurrency wallet app 'Coin Wallet,' which is capable of scamming unsuspecting users out of money. Both these apps were created based on an app template sold online,” Štefanko added.

“The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named 'wallet address scams' in our previous research into cryptocurrency-targeting malware,” said Štefanko.

ESET reported the fake Trezor app to both Google’s security teams and Trezor, which confirmed that the fake app did not pose a direct threat to their users. “However, they did express concern that the email addresses collected via fake apps such as this one could later be misused in phishing campaigns. At the time of writing, neither the fake Trezor app nor the Coin Wallet app are available on Google Play,” today’s press release stated.
